[prev in list] [next in list] [prev in thread] [next in thread]
List: oss-security
Subject: [oss-security] CVE-2019-3812 - qemu - Out-of-bounds read in hw/i2c/i2c-ddc.c allows for memory discl
From: Wade Mealing <wmealing () redhat ! com>
Date: 2019-02-18 3:21:59
Message-ID: CALJHwhSVO9HQDkChaAy0ULqfHgMCODtaaLX9sPgz6OyFueUm9A () mail ! gmail ! com
[Download RAW message or body]
QEMU through version 2.10 through to 3.1.0 is vulnerable to an
out-of-bounds read of up to 128 bytes in the hw/i2c/i2c-ddc.c in the
function i2c_ddc() function. A local attacker with permission to
execute i2c commands could exploit this to read stack memory of the
qemu process on the host.
This was fixed upstream in commit 5b267840515730dbf6753495d5b7bd8b04ad1c
Systems without a monitor connected are affected, as are virtual
monitor is presented to virtual guests. Systems with no graphics
cards attached to the virtual host are not affected.
This seems to be an information leak of stack contents which can be
used to defeat some kernel level protections and simplify further
attacks.
Red Hat Bugzilla:
https://bugzilla.redhat.com/show_bug.cgi?id=1665792
Github patch on qemu:
https://github.com/qemu/qemu/commit/b05b267840515730dbf6753495d5b7bd8b04ad1c
Thanks,
--
Wade Mealing
Product Security - Kernel, RHCE
Red Hat
wmealing@redhat.com
TRIED. TESTED. TRUSTED.
[prev in list] [next in list] [prev in thread] [next in thread]
Configure |
About |
News |
Add a list |
Sponsored by KoreLogic